Black Friday brings out hackers looking to rip you off

Black Friday and Cyber Monday are expected to be the biggest shopping days of the year. Hackers are hoping to steal from unsuspecting customers.


It's a real steal.

With shoppers on the lookout for Black Friday and Cyber Monday deals, thieves are creating malicious apps to steal from eager buyers, as well as targeting online retailers with malware, according to researchers.

Black Friday and Cyber Monday, which come right after Thanksgiving Day, are two of the most popular days for shopping online, with retailers offering big discounts and deals to capitalize on the holiday season.

Last November, Cyber Monday was the largest online sales day ever, with people spending $6.59 billion, according to Adobe. Black Friday brought in more than $5 billion in sales.

With all that money come hackers looking for a quick payday from unsuspecting shoppers, whether it's through attacking retailers or tricking people directly.

"Black Friday and Cyber Monday are great days for getting deals while shopping online, but it's also a time when hackers get more active," Russ Schrader, the National Cybersecurity Alliance's executive director, said.

Hackers are fully aware of how much money they could steal from eager shoppers online looking for low prices. In a survey of consumers by DNS security company DomainTools, 62 percent of respondents said they would still buy from a brand that's been breached if the deals are good enough.

"This year's respondents were clear that they are willing to overlook previous breaches in lieu of a Cyber Monday deal," Corin Imai, senior security advisor at DomainTools, said in a statement.

If shoppers are willing to take risks for discounts, thieves are ready to take advantage. Researchers from RiskIQ, a security company, found hundreds of fake apps and websites pretending to offer deals while stealing information instead.

Researchers looked up "Black Friday" in app stores, and found that 237 of 4,324 results were malicious, and 44 out of 959 "Cyber Monday" apps were also malicious, RiskIQ said. For the top 10 retailers of Black Friday in 2017 -- which RiskIQ declined to name -- researchers found 6,615 malicious apps pretending to offer deals.

"With the staggering amount of money spent by consumers each year over the Black Friday weekend, it's no surprise that we detected so much threat activity," Yonathan Klijnsma, a head researcher at RiskIQ, said in an email. "While we can't tell exactly how successful these malicious apps and landing pages are, the fact that we see them spun up every year indicates that they're working."

Hackers are also ramping up their attacks on popular retailers. Researchers from Kaspersky Lab found that from July to September, hackers attacked online stores 9.2 million times. That's compared to 11.2 million attempts throughout all of 2017, the security company said.

Kaspersky Lab was tracking 14 types of malware targeting 67 different websites, which sell goods ranging from electronics and video games to clothes and toys. Hackers were attempting to inject banking malware that would steal shoppers' credit card information, Yury Namestnikov, a principal security researcher at Kaspersky Lab, said in a statement.

He noted that this malware has been common in the past, but hackers are now specifically targeting online shoppers.

"As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data," he said in a post.

In some cases, if a website has already been compromised, it's hard to know until it's too late.

The NCSA recommends avoiding deals coming in via email, and suggests heading to the store's website directly. Fake deals will often have typos and suspicious email addresses, Schrader said.

RiskIQ noted that you should only download apps from Google's and Apple's official stores, and be suspicious of apps that ask for more information than a shopping app would likely need. Be wary if a shopping app asks for access to contacts or passwords.